diff --git a/hosts/fw/modules/gitea-runner-image-README.md b/hosts/fw/modules/gitea-runner-image-README.md
deleted file mode 100644
index dfa1677..0000000
--- a/hosts/fw/modules/gitea-runner-image-README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Gitea Runner Docker Image
-
-This directory contains the Dockerfile for the custom Gitea Actions runner image that includes additional dependencies needed for CI workflows.
-
-## Included Tools
-
-- **Base**: `shivammathur/node:latest` (includes Node.js and common development tools)
-- **Chrome dependencies**: Full Puppeteer/Chromium dependencies for headless browser testing
-- **webp**: WebP image format tools (`cwebp`, `dwebp`)
-- **libavif-bin**: AVIF image format tools (`avifenc`, `avifdec`)
-
-## Building the Image
-
-```bash
-cd hosts/fw/modules
-docker build -f gitea-runner.Dockerfile -t git.cloonar.com/infrastructure/gitea-runner:latest .
-```
-
-## Pushing to Registry
-
-First, authenticate with your Gitea container registry:
-
-```bash
-docker login git.cloonar.com
-```
-
-Then push the image:
-
-```bash
-docker push git.cloonar.com/infrastructure/gitea-runner:latest
-```
-
-## Using the Image
-
-The image is already configured in `gitea-vm.nix` and will be used automatically by the Gitea Actions runners for jobs labeled with `ubuntu-latest`.
-
-## Updating the Image
-
-When you need to add new dependencies:
-
-1. Edit `gitea-runner.Dockerfile`
-2. Rebuild the image with the commands above
-3. Push to the registry
-4. Restart the runner VMs: `systemctl restart microvm@git-runner-1.service microvm@git-runner-2.service`
diff --git a/hosts/fw/modules/gitea-runner.Dockerfile b/hosts/fw/modules/gitea-runner.Dockerfile
deleted file mode 100644
index 6712e3a..0000000
--- a/hosts/fw/modules/gitea-runner.Dockerfile
+++ /dev/null
@@ -1,47 +0,0 @@
-FROM shivammathur/node:latest
-
-# Install Chrome dependencies for Puppeteer
-RUN apt-get update && apt-get install -y \
-    ca-certificates \
-    fonts-liberation \
-    libappindicator3-1 \
-    libasound2t64 \
-    libatk-bridge2.0-0 \
-    libatk1.0-0 \
-    libc6 \
-    libcairo2 \
-    libcups2 \
-    libdbus-1-3 \
-    libexpat1 \
-    libfontconfig1 \
-    libgbm1 \
-    libgcc-s1 \
-    libglib2.0-0 \
-    libgtk-3-0 \
-    libnspr4 \
-    libnss3 \
-    libpango-1.0-0 \
-    libpangocairo-1.0-0 \
-    libstdc++6 \
-    libx11-6 \
-    libx11-xcb1 \
-    libxcb1 \
-    libxcomposite1 \
-    libxcursor1 \
-    libxdamage1 \
-    libxext6 \
-    libxfixes3 \
-    libxi6 \
-    libxrandr2 \
-    libxrender1 \
-    libxss1 \
-    libxtst6 \
-    lsb-release \
-    wget \
-    xdg-utils \
-    webp \
-    libavif-bin \
-    && rm -rf /var/lib/apt/lists/*
-
-# Verify installations
-RUN cwebp -version && avifenc --version
diff --git a/hosts/fw/modules/gitea-vm.nix b/hosts/fw/modules/gitea-vm.nix
index 33155cb..d202cd4 100644
--- a/hosts/fw/modules/gitea-vm.nix
+++ b/hosts/fw/modules/gitea-vm.nix
@@ -55,8 +55,7 @@ in {
         name = runner;
         tokenFile = "/run/secrets/gitea-runner-token";
         labels = [
-          # "ubuntu-latest:docker://shivammathur/node:latest"
-          "ubuntu-latest:docker://git.cloonar.com/infrastructure/gitea-runner:latest"
+          "ubuntu-latest:docker://shivammathur/node:latest"
         ];
         settings = {
           container = {
diff --git a/hosts/fw/modules/gitea.nix b/hosts/fw/modules/gitea.nix
index e74c0ce..3e2daef 100644
--- a/hosts/fw/modules/gitea.nix
+++ b/hosts/fw/modules/gitea.nix
@@ -70,9 +70,6 @@ in
         sslCertificateKey = "/var/lib/acme/gitea/key.pem";
         sslTrustedCertificate = "/var/lib/acme/gitea/chain.pem";
         forceSSL = true;
-        extraConfig = ''
-          client_max_body_size 2048M;
-        '';
         locations."/" = {
           proxyPass = "http://localhost:3001/";
         };
@@ -112,12 +109,6 @@ in
             USER           = "gitea@cloonar.com";
           };
           actions.ENABLED=true;
-          attachment = {
-            MAX_SIZE = 2048;  # 2GB in MB for general attachments
-          };
-          packages = {
-            ENABLED = true;
-          };
         };
       };
 
diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix
index 7682b75..adf061a 100644
--- a/hosts/nb/users/dominik.nix
+++ b/hosts/nb/users/dominik.nix
@@ -655,7 +655,7 @@ in
         };
         "tools.epicenter.works" = {
           user = "root";
-          identityFile = "~/.ssh/epicenter_id_ed25519";
+          identityFile = "~/.ssh/epicenter.id_rsa";
         };
         "*.epicenter.works !tools.epicenter.works" = {
           user = "dominik";
diff --git a/hosts/web-arm/sites/cloonar.com.nix b/hosts/web-arm/sites/cloonar.com.nix
index 06de94b..66cf45d 100644
--- a/hosts/web-arm/sites/cloonar.com.nix
+++ b/hosts/web-arm/sites/cloonar.com.nix
@@ -62,7 +62,7 @@ in {
     #home = "/home/${domain}";
     group  = "nginx";
     openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKKJEgyfKyz5sf5GT0HYXiDmf36fnLe/exbXbRpsNJi"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1CQqL1hQV3Lb6hqzDt2mgr0IasBRlIrdUCM+QibgKcU1VUWEJTo1nkcwgunnpUROtCQPRtlBZWwdqphKNrpMf3PkCPnjkcQC/2dGcFUXbkGq+5NaMnXpQnt7XAPyqxAT/9nCnXM9y3IBWjL9jN3C4l+yZHuMChi1a3q/6cNNH7WORkC1hq7MMyIvRCh6HDPwq1XCEj0w7O6m0iBmXIwiXyh3ly6ruWmkNQToPc1s2QuIE/w0yXoOF7Ubxtdf/GH2Yu0f+ztJrOveuiLlsNWx596lQwDlYa58ib0nPPtnFVf8od59F/UC8lOFtMsSY/d5ArOnqKjk6iWNaOh15WLr7wj9lrHJkiD+9fgXLyaaxVLt4NYGwyi7SZn7P1lHz6kjFr9UmRvfth6nGGoCvvfQZB8MAE0FhcTHb9fXC1m/NengWf40VQ8woZLZ4mRPWZBxrSnymgFiIvSYSqxnP3QNID4quaQ8sPyXYygbtt38qXAg/Ixyud0vgZN4H/rbW+DE="
     ];
   };
   users.groups.${domain} = {};
diff --git a/hosts/web-arm/sites/cloonar.dev.nix b/hosts/web-arm/sites/cloonar.dev.nix
index 5f1520a..5873645 100644
--- a/hosts/web-arm/sites/cloonar.dev.nix
+++ b/hosts/web-arm/sites/cloonar.dev.nix
@@ -14,42 +14,20 @@ in {
     '';
 
     locations."~* \.(jpe?g|png)$".extraConfig = ''
-      set $img_format Z;
-
-      # Check for AVIF support (highest priority)
-      if ($http_accept ~* "avif") {
-          set $img_format A;
-      }
-
-      if (-f $document_root/avif/$request_uri.avif) {
-          set $img_format "''${img_format}V";
-      }
-
-      # Serve AVIF if supported and available
-      if ($img_format = "AV") {
-          add_header Vary Accept;
-          rewrite ^ /avif/$request_uri.avif break;
-      }
-
-      # Reset and check for WebP support (fallback)
-      set $img_format Z;
+      set $red Z;
 
       if ($http_accept ~* "webp") {
-          set $img_format W;
+          set $red A;
       }
 
       if (-f $document_root/webp/$request_uri.webp) {
-          set $img_format "''${img_format}P";
+          set $red "''${red}B";
       }
 
-      # Serve WebP if supported and available
-      if ($img_format = "WP") {
+      if ($red = "AB") {
           add_header Vary Accept;
-          rewrite ^ /webp/$request_uri.webp break;
+          rewrite ^ /webp/$request_uri.webp;
       }
-
-      # If neither AVIF nor WebP matched, serve original format
-      add_header Vary Accept;
     '';
 
     locations."^~ /vcards/".extraConfig = ''
@@ -62,7 +40,7 @@ in {
         try_files $uri $uri/ /vcards/index.php$is_args$args;
     '';
 
-    locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = ''
+    locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
       expires 365d;
       add_header Pragma "public";
       add_header Cache-Control "public";